Network and Communications Security (IN3210/IN4210) Introduction
Introduction ● Nils Gruschka − University Kiel (Diploma in Computer Science) − T-Systems, Hamburg − University Kiel (PhD in Computer Science) − NEC Laboratories Europe, Bonn + Heidelberg − University of Applied Science Kiel − University of Oslo ● Contact: − nilsgrus@ifi.uio.no ● Areas of interest: − Security: Network, Web, Cloud Computing, Industrial Networks − Privacy, Data Protection 2
Introduction ● Nils A. Nordbotten − Cand.Scient and Ph.D. in informatics from UiO, and Executive Master of Management from BI Norwegian Business School − Simula Research Laboratory (2003-2007) − UniK-University Graduate Center (20 %) (2012-2014) − Norwegian Defence Research Establishment (FFI) (2007-2020) − University of Oslo (20 %) (2014-) − Thales Norway (2020-) ● Contact − n.a.nordbotten@its.uio.no 3
Organisation ● “Cloned” course: IN3210 (Bachelor) + IN4210 (Master) ● Course page (also for IN4210): − https://www.uio.no/studier/emner/matnat/ifi/IN3210/h20/index.html ● Lecture − Home study: Pre-recorded lecture videos − Online conference: Discussion and Q&A during the scheduled slots ● Workshop − Practical tasks, done individually or in groups − Not mandatory, but helps understanding the concepts from the lecture − Home work − Online conference: Discussion and Q&A during the scheduled slots 4
Organisation ● Canvas course: − https://uio.instructure.com/courses/28965 ● Quizzes: − For every topic a “learning progress control” quiz is offered − Not mandatory, but highly recommended ● Discussion board: − Ask / answer course-wide questions ● Groups (will be activated in mid-September): − For the semester task − Discuss and exchange files inside the group 5
Examination ● Semester Task (in groups): − IN3210: write a report − IN4210: create a seminar presentation ● Written Exam (individually): − 3 hour digital exam at home ● Both parts of the exam must be passed and must be passed in the same semester. ● Final Grade: Semester Task 30%, Written Exam 70% 6
Semester Task (general) ● Select a network security topic (as a group): − https://uio-my.sharepoint.com/:x:/g/personal/nilsgrus_uio_no/EbEqNbzhIN5AsA6zuFlCae8BAg0eOvDXtRz8jgDynPmNJQ?e=esDJ2P ● Deadline for selecting group and topic: − 15. September ● (Optional) Propose own topics: − Submit your proposal: https://nettskjema.no/a/158011 − Deadline for topic proposal: 31. August − Approved topics will be added to the selection spreadsheet 7
Semester Task (just IN3210) ● Group size: 2 or 3 students ● Write a (scientific) report on the selected topic ● Length: 4 – 5 pages per person ● Language: English or Norwegian ● Submission via Inspera (more info later) ● Submission deadline: 20. November 8
Semester Task (just IN4210) ● Group size: 3 or 4 students ● Create a seminar presentation on the selected topic ● Presentation (submission of slides: 20. November) − Approx. 10 min per person (exact length of presentations will be announced end of September!) − Performed via Zoom − Presented to the whole course (teachers + students) − During the scheduled slots in November (details soon) − Language: English ● Handout (submission: 1 day before the talk) − 1 page, text + figures − Summarizes the most important facts ● Final exam (IN3210 + IN4210) will contain questions from seminar talks! 9
Semester Task (general) ● Scientific work: − Used sources (books, articles, online resources) must be referenced (at the end of the report / on the last slide of the presentation) − Plagiarism → failed semester task → failed course 10
Content ● Cryptography ● Certificates & PKI ● Transport Layer Security ● IP Security ● MAC Security ● Wireless LAN Security ● Email Security ● DNS Security ● Firewalls ● Routing Security 11
Recommended Books ● https://link.springer.com/book/10.1007/978-3-642-04101-3 ● https://link.springer.com/book/10.1007/978-1-4471-6654-2 ● https://link.springer.com/book/10.1007%2F978-3-030-33649-3 12
Questions? 13
Introduction to (Network) Security 14
What is Security? [Figure: Attacker, Threat, Assets, Countermeasure] 15
Computer Security ● Security of computers and networks ● Protection of digital assets ● Axioms of Computer Security: − Confidentiality (e.g. of transmitted secret information) − Integrity (e.g. of stored data) − Availability (e.g. of services) ● Further goals: − Authenticity − Non-repudiation − Privacy 16
Motivations for attacks ● Financial advantages − Using paid services free of charge − Performing financial transactions − → Spoofing another identity ● “Fun” − Challenging security systems ● “Revenge” − Vandalism − Intrigues ● Political or religious motives 17
Security Threats ● Examples for attacks − Services: ▪ Denial-of-Service − Communication: ▪ Eavesdropping ▪ Modification − Stored data: ▪ Espionage ▪ Deletion ▪ „Vandalism“ ● Basic attack measures on communication − Sniffing − Redirection, e.g. ▪ ARP Spoofing ▪ DNS Poisoning ▪ Phishing − Man-in-the-middle 18
“Nomenclature” ● The “good” ones: − Alice − Bob ● The “bad” ones: − Eve (passive attacker) − Mallory (active attacker) [Figure: Alice, Bob, Mallory, Eve] 19
Sniffing ● Requires access to the communication medium ● Passive Attacks, e.g.: − Eavesdropping − Traffic analysis [Figure: Eve listening on the channel between Alice and Bob] 20
Redirection ● Can be used as preparation for man-in-the-middle attacks [Figure: traffic between Alice and Bob redirected via Eve / Mallory] 21
Man-in-the-middle ● Passive attacks (see „Sniffing“) ● Active attacks, e.g. − Packet drop − Packet modification − Packet injection − Packet replay [Figure: Eve / Mallory positioned between Alice and Bob] 22
Adversary Model ● Important question: − What capabilities do I assume for the attacker? − What kind of attacks can the attacker perform? ● → Adversary model ● Required for implementing countermeasures and for testing security protocols ● Typical adversary model (Dolev and Yao, 1983): − The attacker can perform any of the aforementioned actions on transmitted packets (read, drop, modify, inject, replay) − The attacker cannot break “secure” algorithms (e.g. AES) ● Security schemes (e.g. cryptographic protocols) must guarantee their security goals in the presence of this attacker 23
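The Dolev-Yao attacker above, simulated in code. This is an added example, not material from the lecture: the "network" is a list of messages that Mallory may read, drop, modify, inject and replay at will, while Bob only accepts a message whose HMAC-SHA256 tag verifies under a pre-shared key and whose sequence number is strictly increasing. The shared key, the message format and the scenario are constructed for this example.

```python
"""Simulated Dolev-Yao attacker on a message channel (constructed example).

Mallory fully controls the wire (read, drop, modify, inject, replay) but,
per the model, cannot forge an HMAC without the key. Bob rejects every
manipulation the slide lists except a pure drop, which a receiver alone
cannot see (it needs acknowledgements or timeouts on Alice's side).
"""
import hashlib
import hmac
import json

KEY = b"shared-secret-key-for-demo"  # assumption: pre-shared between Alice and Bob


def make_message(seq: int, payload: str, key: bytes = KEY) -> dict:
    """Alice's side: authenticate (seq, payload) with HMAC-SHA256."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


class Receiver:
    """Bob's side: accept only if the tag verifies and the sequence number is fresh."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = -1
        self.accepted = []
        self.rejected = []

    def receive(self, msg: dict) -> bool:
        body = msg["body"].encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison; a plain == would leak timing information.
        if not hmac.compare_digest(expected, msg["tag"]):
            self.rejected.append(("bad-tag", msg["body"]))
            return False
        data = json.loads(body)
        if data["seq"] <= self.last_seq:
            self.rejected.append(("replay", msg["body"]))
            return False
        self.last_seq = data["seq"]
        self.accepted.append(data["payload"])
        return True


def mallory(channel: list) -> list:
    """Active attacker: drop, modify, inject and replay packets on the wire."""
    out = []
    for i, msg in enumerate(channel):
        if i == 1:
            continue                                    # drop message 1
        if i == 2:                                      # modify payload, keep old tag
            data = json.loads(msg["body"])
            data["payload"] = "transfer 1000 to Mallory"
            msg = {"body": json.dumps(data, sort_keys=True), "tag": msg["tag"]}
        out.append(msg)
    out.append({"body": json.dumps({"seq": 99, "payload": "injected"}, sort_keys=True),
                "tag": "00" * 32})                       # inject without knowing the key
    out.append(channel[0])                              # replay the first message
    return out


def run_scenario() -> tuple:
    """Alice sends four messages; Bob receives what Mallory lets through."""
    channel = [make_message(i, f"message {i}") for i in range(4)]
    bob = Receiver()
    for msg in mallory(channel):
        bob.receive(msg)
    return bob.accepted, [reason for reason, _ in bob.rejected]


if __name__ == "__main__":
    accepted, rejected = run_scenario()
    print("accepted:", accepted)   # ['message 0', 'message 3']
    print("rejected:", rejected)   # ['bad-tag', 'bad-tag', 'replay']
```

Bob ends up with messages 0 and 3 only: the modified and the injected packets fail the tag check, the replayed packet fails the freshness check, and the dropped packet is simply absent. That last point is the caveat practitioners tend to forget: integrity and freshness checks on the receiver do nothing against deletion, so availability against a Dolev-Yao attacker needs a mechanism on the sender's side as well.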
Attack Examples 24
ARP ● Address Resolution Protocol ● Maps inside local networks from IP address to MAC address [Figure: a host broadcasts “Who has 10.0.0.8?”; the host 10.0.0.8 (MAC FA … B3) answers “10.0.0.8 = FA … B3”] 25
ARP Spoofing (Redirection Attack) [Figure: a host broadcasts “Who has 10.0.0.8?”; the attacker at 10.0.0.24 (MAC DC … A7) answers “10.0.0.8 = DC … A7”, so traffic for 10.0.0.8 is delivered to the attacker instead of FA … B3] 26
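How a monitor on the local network spots the spoofed reply from the slide, as an added example that is not part of the lecture material. It replays a constructed trace of ARP packets in which the legitimate host 10.0.0.8 answers first and the attacker at 10.0.0.24 then claims the same IP, and it applies the check tools such as arpwatch use: remember the first IP-to-MAC binding seen and alert on any reply that contradicts it. The full MAC addresses and the querying host 10.0.0.5 are made up for the example (the slide only shows FA … B3 and DC … A7).

```python
"""Detecting ARP spoofing from observed ARP replies (constructed example).

A passive monitor cannot know which reply is the true one; it can only
notice that one IP is claimed by two MACs, and that one MAC claims several
IPs (the footprint of an attacker answering for a victim and for itself).
"""
from collections import defaultdict

# Constructed trace of ARP packets: (opcode, sender_ip, sender_mac, target_ip)
# opcode 1 = request ("Who has?"), opcode 2 = reply ("is-at").
# MAC addresses are invented for the example.
TRACE = [
    (1, "10.0.0.5",  "00:11:22:33:44:55", "10.0.0.8"),   # "Who has 10.0.0.8?"
    (2, "10.0.0.8",  "FA:16:3E:12:34:B3", "10.0.0.5"),   # legitimate reply
    (2, "10.0.0.8",  "DC:A6:32:98:76:A7", "10.0.0.5"),   # attacker claims 10.0.0.8
    (2, "10.0.0.24", "DC:A6:32:98:76:A7", "10.0.0.5"),   # attacker's own address
    (2, "10.0.0.8",  "FA:16:3E:12:34:B3", "10.0.0.5"),   # victim answers again
]


def detect_arp_spoofing(trace):
    """Return (bindings, alerts).

    bindings: first-seen MAC for every IP that sent an ARP reply.
    alerts:   one entry per reply that contradicts the remembered binding,
              plus one entry per MAC that claims more than one IP.
    """
    bindings = {}
    ips_per_mac = defaultdict(set)
    alerts = []
    for opcode, sender_ip, sender_mac, _target in trace:
        if opcode != 2:
            continue                      # only replies install cache entries here
        mac = sender_mac.upper()
        ips_per_mac[mac].add(sender_ip)
        known = bindings.setdefault(sender_ip, mac)
        if known != mac:
            alerts.append(f"conflict: {sender_ip} was {known}, now claimed by {mac}")
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:
            alerts.append(f"one MAC {mac} claims several IPs: {sorted(ips)}")
    return bindings, alerts


if __name__ == "__main__":
    bindings, alerts = detect_arp_spoofing(TRACE)
    for line in alerts:
        print(line)
```

The first-seen rule only works because the real host answered before the attacker; if the attacker wins the race, the monitor remembers the wrong binding and the later legitimate reply is what triggers the alert. That ambiguity is why detection is only a fallback: the actual countermeasures are static ARP entries for critical hosts, or switch-side validation of ARP replies against a trusted table (Dynamic ARP Inspection).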
Denial-of-Service (DoS) ● Attacker tries to overload the target service or network ● → „Service Denial“ for legitimate users ● Attack can target different service layers: − Network (e.g. gateway, TCP/IP stacks) − Representation (e.g. XML processing) − Application − Database ● Attacker looks for the bottleneck inside the service processing chain! 27
DoS Example: SYN Flooding [Figure, left: normal TCP handshake, Client → SYN, Server → SYN ACK, Client → ACK; right: the client sends SYN after SYN, the server answers each with SYN ACK and waits for the final ACK, which never arrives] 28
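The server-side view of the figure, as an added example that is not from the lecture: every SYN the server answers with SYN ACK is a half-open connection until the final ACK arrives, and a flood from spoofed addresses leaves those entries dangling. The tracker below replays a constructed packet trace, keeps the half-open table a server would keep, and raises the two alerts a simple IDS rule would: the table exceeds the configured backlog, and one /24 prefix accounts for most of it. The addresses, the backlog size and the trace are assumptions made for this example.

```python
"""Half-open connection tracking to spot a SYN flood (constructed example).

A legitimate client completes SYN -> SYN/ACK -> ACK. Flooding sources send
SYNs (usually with spoofed source addresses) and never send the final ACK,
so the server's half-open table fills up and real clients are refused.
"""
from collections import defaultdict

SERVER = "10.0.0.80"          # assumed server address

# Constructed trace as seen at the server: (src, dst, flags).
# Source ports are omitted; one SYN per source is treated as one connection.
TRACE = (
    [("10.0.0.5", SERVER, "SYN"), (SERVER, "10.0.0.5", "SYN+ACK"),
     ("10.0.0.5", SERVER, "ACK")]                                     # honest client
    + [(f"203.0.113.{i}", SERVER, "SYN") for i in range(1, 41)]       # 40 spoofed SYNs
    + [(SERVER, f"203.0.113.{i}", "SYN+ACK") for i in range(1, 41)]   # server answers all
    + [("10.0.0.6", SERVER, "SYN"), (SERVER, "10.0.0.6", "SYN+ACK")]  # slow but honest
)


def half_open_report(trace, server=SERVER, backlog=16):
    """Replay the trace and return (half_open, established, alerts).

    half_open:   client IPs whose handshake is stuck in SYN_RCVD
    established: client IPs that completed the handshake
    alerts:      backlog exhaustion and dominant source prefixes
    """
    half_open = set()
    established = set()
    for src, dst, flags in trace:
        if dst == server and flags == "SYN":
            half_open.add(src)                 # server allocates state, sends SYN+ACK
        elif dst == server and flags == "ACK" and src in half_open:
            half_open.discard(src)             # third packet: connection established
            established.add(src)
        # SYN+ACK from the server itself changes nothing in the table we track

    alerts = []
    if len(half_open) > backlog:
        alerts.append(f"{len(half_open)} half-open connections exceed backlog {backlog}")
    by_prefix = defaultdict(int)
    for ip in half_open:
        by_prefix[ip.rsplit(".", 1)[0] + ".0/24"] += 1
    for prefix, n in sorted(by_prefix.items(), key=lambda kv: -kv[1]):
        if n >= backlog // 2:
            alerts.append(f"{n} half-open connections from {prefix}")
    return half_open, established, alerts


if __name__ == "__main__":
    half_open, established, alerts = half_open_report(TRACE)
    print("established:", sorted(established))
    print("half-open:", len(half_open))
    for line in alerts:
        print(line)
```

Note that the honest client 10.0.0.6 sits in the same half-open table as the 40 spoofed sources; a server that simply drops the oldest entries when the backlog is full will evict it along with the flood, which is exactly the service denial the slide describes. Real TCP stacks cap this table and age entries out, and can fall back to SYN cookies (on Linux, `net.ipv4.tcp_syncookies`) so that no state is kept until the final ACK arrives.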
DDoS: Distributed DoS ● Often executed from many attacking machines at once: Distributed Denial of Service (DDoS) ● The sources are either a botnet or a „crowd“ of volunteers 29
DDoS: Mirai Botnet ● Millions of infected IoT devices (routers, IP cameras) ● Offers DDoS as a service: 50.000 devices for 2 weeks: 3000$ - 4000$ 30 Image Source: https://fossbytes.com/live-map-shows-record-breaking-mirai-malware-attacking-country/ Image Source: http://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/
DDoS: Mirai Botnet ● Illustrating the infection with Mirai Source: Twitter 31
DDoS: Mirai Botnet ● One victim 32 Source: http://krebsonsecurity.com/
Attack Examples ● ... many more to come throughout the class 33